AMENDMENTS TO THE CLAIMS 

Claims 1-3, 5, 10, 11, 15, 16, 18, 19, 21, 23-26, 28-30, 32, 34, 37-39, 41, 43-51, 54 and 
57-62 are amended herein. Claims 52 and 53 are cancelled. All pending claims and their present 
status are reproduced below. 

1. (Currently Amended) A computer-implemented method for managing temporary access to a 
[[resource]] first user's data, comprising: 

receiving, from a first user, a message at an authentication server, the first user having an 
authentication credential with respect to [[the resource]], a first user's account used to 
interact with the first user's data through an application, the message that a second 
user be granted temporary access to the [[resource]] first user's data through the 
application; 

receiving, from the second user, a request at the authentication server, [[a]] the request to 
access the [[resource]] first user's data through the application; and 

responsive to the request from the second user, obtaining the first user's authentication 
credential and granting the second user temporary access to the [[resource]] first user's 
data through the application by providing to the [[resource]] application the first user's 
authentication credential, wherein the first user's authentication credential is not 
provided to the second user. 

2. (Currently Amended) The method of claim 1, wherein granting the second user temporary 
access comprises activating a temporary access credential for the second user. 

3. (Currently Amended) The method of claim 1, wherein granting the second user temporary 
access comprises creating an entity relationship between an account associated with the second 
user and an account associated with the first user. 

4. (Original) The method of claim 3, wherein the account associated with the second user 
comprises a support representative account. 

5. (Currently Amended) The method of claim 1, wherein the message identifies the second user 
and specifies a level of access for the second user, and wherein granting the second user 
temporary access comprises granting the specified level of access. 

6. (Original) The method of claim 1, wherein the second user belongs to a group of users, and 
the message identifies the group of users to which the second user belongs. 

7. (Original) The method of claim 6, further comprising: 

receiving an identifier from the second user, identifying the second user as belonging to 
the group of users. 

8. (Original) The method of claim 6, further comprising: 

authenticating the second user as belonging to the group of users. 

9. (Original) The method of claim 6, wherein the group comprises support representatives. 

10. (Currently Amended) The method of claim 1, further comprising: 

authenticating the second user; 

and wherein granting the second user temporary access to the [[resource]] first user's data 
comprises: 

responsive to the request from the second user and responsive to the authentication of the 
second user being successful, granting the second user temporary access to the 
[[resource]] first user's data by providing the first user's authentication credential to 
[[the resource]]. 

11. (Currently Amended) The method of claim 1, wherein granting the second user temporary 
access to the [[resource]] first user's data comprises granting the second user a level of access 
different from a level of access available to the first user. 

12. (Original) The method of claim 1, wherein receiving the message comprises receiving the 
message via a network. 

13. (Original) The method of claim 12, wherein receiving the request comprises receiving the 
request via the network. 

14. (Original) The method of claim 12, wherein receiving the request comprises receiving the 
request via a second network. 

15. (Currently Amended) The method of claim 1, further comprising storing in an audit log 
information describing the second user's access to the [[resource]] first user's data and identifying 
the second user in connection with the access. 

16. (Currently Amended) A computer-implemented method for managing levels of access to a 
[[resource]] first user's data for at least two users, comprising: 

establishing a control relationship between a first user's authentication credential and a 
second user's authentication credential, the control relationship allowing the first user 
to specify at least one parameter of the second user's level of access to a [[resource]] first 
user's data; 

receiving, from a first user, a message at an authentication server, the first user having an 
authentication credential with respect to a first user's account used to interact with the 
first user's data through an application, the message that a second user be granted 
temporary access to the first user's data through the application; 

receiving, from the second user, a request at the authentication server, [[a]] the request to 
access the [[resource]] first user's data through the application; and 

responsive to the request from the second user, granting the second user access to the 
[[resource]] first user's data through the application according to the second user's level 
of access as specified by the first user, by providing to the application the first user's 
authentication credential, wherein the first user's authentication credential is not 
provided to the second user. 

17. (Original) The method of claim 16, wherein the second user is a support representative. 

18. (Currently Amended) The method of claim 16, further comprising: 

terminating the second user's access to the [[resource]] first user's data. 

19. (Currently Amended) The method of claim 1 or 16, further comprising: 

terminating the second user's access to the [[resource]] first user's data after a predetermined 
time period. 

20. (Original) The method of claim 19, wherein the predetermined time period is selectable by 
the first user. 

21. (Currently Amended) The method of claim 1 or 16, further comprising: 

terminating the second user's access to the [[resource]] first user's data after the second user 
has accessed the [[resource]] first user's data a predetermined number of times. 

22. (Original) The method of claim 21, wherein the predetermined number of times is selectable 
by the first user. 

23. (Currently Amended) The method of claim 1 or 16, further comprising: 

terminating the second user's access to the [[resource]] first user's data in response to a 
command received from the first user. 

24. (Currently Amended) The method of claim 1 or 16, further comprising: 

terminating the second user's access to the [[resource]] first user's data in response to a 
predetermined event. 

25. (Currently Amended) The method of claim 1 or 16, further comprising: 

responsive to granting the second user access, outputting, to the first user, notification of 
the second user's access to the [[resource]] first user's data. 

26. (Currently Amended) The method of claim 1 or 16, further comprising: 

responsive to granting the second user access, storing information describing the second 
user's access to the [[resource]] first user's data. 

27. (Original) The method of claim 26, wherein storing information comprises storing the 
information in an audit log. 

28. (Currently Amended) The method of claim 1 or 16, further comprising: 

storing information describing at least one subsequent interaction with the [[resource]] first 
user's data. 

29. (Currently Amended) The method of claim 28, wherein storing information comprises, for 
each interaction, storing information identifying which user accesses the [[resource]] first user's 
data. 

30. (Currently Amended) The method of claim 1 or 16, wherein the access to the [[resource]] first 
user's data by the second user is masked so that an application through which the second user 
accesses the first user's data [[the resource]] is unable to distinguish [[it]] the access by the second user 
from access by the first user. 

31. (Original) The method of claim 16, wherein the first user's level of access is different from 
the second user's level of access. 

32. (Currently Amended) The method of claim 1 or 16, wherein the [[resource]] first user's data 
comprises at least one selected from the group consisting of: 

a data file; 

a data file stored at a server; 

an application; and 

data associated with the first user. 



Case 16319-05907 






33. (Original) The method of claim 1 or 16, wherein the steps of the method are performed by a 
web-based application. 

34. (Currently Amended) A system for granting [[resource access]] to a second user access to a 
first user's data in response to a message from a first user, comprising: 

an authenticator communicatively adapted to receive over a network connection 
authentication credentials of the first and second users and adapted to authenticate 
each user from the authentication credentials; 

an access level control module, communicatively coupled to the authenticator, for 
defining for each user a level of access to a [[resource for the user]] first user's data; and 

a resource interface, communicatively coupled to the access level control module, for 
granting the second user access to the [[resource]] first user's data through the resource 
interface by providing the first user's authentication credential to the authenticator for 
authentication, wherein the first user's authentication credential is not provided to the 
second user. 

35. (Original) The system of claim 34, wherein the access level control module activates a 
temporary access credential for the second user. 

36. (Original) The system of claim 34, wherein the access level control module creates an entity 
relationship between an account associated with the second user and an account associated with 
the first user. 

37. (Currently Amended) A system for granting [[resource access]] to a second user access to a 
first user's data in response to a message from a first user, comprising: 

an access level control module, for establishing a control relationship between an 
authentication credential associated with the first user and an authentication credential 
associated with the second user, the control relationship allowing the first user to 
control at least one parameter of the second user's level of access; and 

a resource interface, coupled to the access level control module, for granting the second 
user access to the [[resource]] first user's data through the resource interface according to 
the second user's level of access, by providing to [[the resource]] the first user's 
authentication, wherein the first user's authentication credential is not provided to the 
second user. 

38. (Currently Amended) The system of claim 34 or 37, wherein the resource interface further 
terminates the second user's access to the [[resource]] first user's data. 

39. (Currently Amended) The system of claim 34 or 37, wherein the resource interface further 
terminates the second user's access to the [[resource]] first user's data after a predetermined time 
period. 

40. (Original) The system of claim 39, wherein the predetermined time period is selectable by 
the first user. 

41. (Currently Amended) The system of claim 34 or 37, wherein the resource interface further 
terminates the second user's access to the [[resource]] first user's data after the second user has 
accessed the [[resource]] first user's data a predetermined number of times. 

42. (Original) The system of claim 41, wherein the predetermined number of times is selectable 
by the first user. 

43. (Currently Amended) The system of claim 34 or 37, wherein the resource interface further 
terminates the second user's access to the [[resource]] first user's data in response to a command 
received from the first user. 

44. (Currently Amended) The system of claim 34 or 37, wherein the resource interface further 
terminates the second user's access to the [[resource]] first user's data in response to a 
predetermined event. 

45. (Currently Amended) The system of claim 34 or 37, further comprising: 

an output device, coupled to the resource interface, for outputting, to the first user, 
notification of the second user's access to the [[resource]] first user's data. 

46. (Currently Amended) The system of claim 34 or 37, further comprising: 

a storage device, coupled to the resource interface, for storing information describing the 
second user's access to the [[resource]] first user's data. 

47. (Currently Amended) The system of claim 46, wherein the storage device stores 
information identifying which user accesses the [[resource]] first user's data. 

48. (Currently Amended) The system of claim 34 or 37, wherein the access to the [[resource]] first 
user's data by the second user is masked so that an application through which the second user 
accesses the first user's data [[the resource]] is unable to distinguish [[it]] the access by the second user 
from access by the first user. 

comprises at least one selected from the group consisting of: 

a data file; 

a data file stored at a server; 

an application; and 

data associated with the first user. 

50. (Currently Amended) In a client/server system for granting [[resource access]] to a second user 
access to a first user's data in response to a message from a first user specifying that the second 
user be granted access to the [[resource]] first user's data, a server comprising: 

an authenticator, for authenticating each user according to authentication credentials; 

an access level control module, coupled to the authenticator, for defining a level of access 
to the [[resource]] first user's data for each user; and 

a resource interface, coupled to the access level control module, for granting to a client 
operated by the second user access to the [[resource]] first user's data through the 
resource interface by providing to [[the resource]] the first user's authentication 
credential to the authenticator, wherein the first user's authentication credential is not 
provided to the second user. 

51. (Currently Amended) In a client/server system for granting [[resource access]] to a second user 
access to a first user's data in response to a message from a first user specifying that the second 
user be granted access to the [[resource]] first user's data, a server comprising: 

an access level control module, for establishing a control relationship between the first 
user's authentication credential and the second user's authentication credential, the 
control relationship allowing the first user to control at least one parameter of the 
second user's level of access; and 

a resource interface, coupled to the access level control module, for granting to the client 
operated by the second user access to the [[resource]] first user's data through the 
resource interface according to the second user's level of access, by providing to [[the 
resource]] the first user's authentication credential to the authenticator, wherein the first 
user's authentication credential is not provided to the second user. 

52. (Cancelled) 

53. (Cancelled) 

54. (Currently Amended) A computer program product comprising a computer-usable medium 
having computer-readable code embodied therein for managing temporary access to a [[resource]] 
first user's data, comprising: 

computer-readable program code configured to cause a computer to receive a message at 
an authentication server frJI from a first user, the first user having an authentication 
credential with respect to the [[resource]], a first user's data, the message that a second 
user be granted temporary access to the [[resource]] first user's data; 

computer-readable program code configured to cause a computer to receive a request at 
the authentication server rr.H from the second user, [[a]] the request to access the 
[[resource]] first user's data; and 

computer-readable program code configured to cause a computer to, responsive to the 
request from the second user, obtain the first user's authentication credential and 
grant the second user temporary access to the [[resource]] first user's data by providing 
to [[the resource]] the first user's authentication credential, wherein the first user's 
authentication credential is not provided to the second user. 

55. (Original) The computer program product of claim 54, wherein the computer-readable 
program code configured to cause a computer to grant the second user access comprises 
computer-readable program code configured to cause a computer to activate a temporary access 
credential for the second user. 

56. (Original) The computer program product of claim 54, wherein the computer-readable 
program code configured to cause a computer to grant the second user access comprises 
computer-readable program code configured to cause a computer to create an entity relationship 
between an account associated with the second user and an account associated with the first user. 

57. (Currently Amended) The computer program product of claim 54, further comprising: 

computer-readable program code configured to cause a computer to authenticate the 
second user; 

and wherein the computer-readable program code configured to cause a computer to 
grant the second user access to the [[resource]] first user's data comprises: 

computer-readable program code configured to cause a computer to, responsive to the 
request from the second user and responsive to the authentication of the second user 
being successful, grant the second user access to the [[resource]] first user's data by 
providing to [[the resource]] the first user's authentication credential. 

58. (Currently Amended) A computer-implemented computer program product for managing 
levels of access to a [[resource]] first user's data for at least two users, comprising: 

computer-readable program code configured to cause a computer to establish a control 
relationship between a first user's authentication credential and a second user's 
authentication credential, the control relationship allowing the first user to specify at 
least one parameter of the second user's level of access to a [[resource]] first user's data; 

computer-readable program code configured to cause a computer to receive, from a first 
user, a message at an authentication server, the first user having an authentication 
credential with respect to a first user's account used to interact with the first user's 
data through an application, the message that a second user be granted temporary 
access to the first user's data through the application; 

computer-readable program code configured to cause a computer to receive, from the 
second user, a request at an authentication server [[a]] the request to access the 
[[resource]] first user's data through the application; and 

computer-readable program code configured to cause a computer to, responsive to the 
request from the second user, grant the second user access to the [[resource]] first user's 
data through the application according to the second user's level of access as 
specified by the first user, by providing to the application the first user's 
authentication credential, wherein the first user's authentication credential is not 
provided to the second user. 

59. (Currently Amended) The computer program product of claim 54 or 58, further 
comprising: 

computer-readable program code configured to cause a computer to, responsive to 
granting the second user access, store information describing the second user's 
access to the [[resource]] first user's data. 

60. (Currently Amended) The computer program product of claim 54 or 58, further 
comprising: 

computer-readable program code configured to cause a computer to store information 
describing at least one subsequent interaction with the [[resource]] first user's data. 

61. (Currently Amended) The computer program product of claim 60, wherein the 
computer-readable program code configured to cause a computer to store information comprises, 
computer-readable program code configured to cause a computer to, for each interaction, 
store information identifying which user accesses the [[resource]] first user's data. 

62. (Currently Amended) The computer program product of claim 54 or 58, wherein the 
access to the [[resource]] first user's data by the second user is masked so that an application 
through which the second user accesses the first user's data [[the resource]] is unable to 
distinguish [[it]] the access by the second user from access by the first user. 
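
Added illustration, not part of the filing: a Python example of the credential-brokering flow recited in claims 1 and 16, with the time limit, use limit and revocation of claims 19, 21 and 23, the audit record of claims 15 and 29, and the masking of claim 30. The class and method names (Application, AuthServer, grant, request, revoke), the "read"/"write" levels and all sample values are assumptions constructed for the example, and authentication of the second user (claim 10) is assumed to have happened before request() is called.

```python
import hmac
import time
from dataclasses import dataclass


class Application:
    """Constructed stand-in for the application; it checks account credentials only."""

    def __init__(self, accounts):
        self._accounts = accounts  # {account: [credential, data]}

    def handle(self, account, credential, action, value=None):
        stored = self._accounts[account][0]
        if not hmac.compare_digest(stored, credential):
            raise PermissionError("bad credential")
        if action == "write":
            self._accounts[account][1] = value
        return self._accounts[account][1]


@dataclass
class Grant:
    level: str         # level of access chosen by the first user
    expires_at: float  # end of the predetermined time period
    uses_left: int     # remaining number of permitted accesses


class AuthServer:
    """Holds first users' credentials and replays them on a delegate's behalf."""

    ALLOWED = {"read": {"read"}, "write": {"read", "write"}}

    def __init__(self, app, vault, clock=time.time):
        self._app, self._vault, self._clock = app, vault, clock
        self._grants = {}  # {(owner, delegate): Grant}
        self.audit = []    # (time, actor, owner, action, outcome)

    def grant(self, owner, delegate, level="read", ttl=900, max_uses=3):
        # The first user's message: delegate, level, time limit, use limit.
        self._grants[(owner, delegate)] = Grant(level, self._clock() + ttl, max_uses)

    def revoke(self, owner, delegate):
        # Termination on command from the first user.
        self._grants.pop((owner, delegate), None)

    def request(self, delegate, owner, action, value=None):
        # The second user's request; the delegate is assumed already authenticated.
        now, g = self._clock(), self._grants.get((owner, delegate))
        ok = (g is not None and now < g.expires_at and g.uses_left > 0
              and action in self.ALLOWED[g.level])
        # The audit log names the real actor even though the application cannot.
        self.audit.append((now, delegate, owner, action, "granted" if ok else "denied"))
        if not ok:
            raise PermissionError("no active grant for this action")
        g.uses_left -= 1
        # The owner's credential goes to the application, never to the delegate.
        return self._app.handle(owner, self._vault[owner], action, value)
```

Because the application sees only the first user's credential, the server-side audit list is the only record that distinguishes the delegate's actions from the owner's.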